Log back in as a customer again. Theme policy is applied. If no one hits this page for awhile, the theme policy just dissapears, whooosh! I was able to reproduce this with another test id as well.

Pretty sure this is the exception. Some basic googling didn’t find much – just a recommendation to make sure a couple services have started. In our case they should be started or no one would ever see a theme policy being applied.

The root cause of the issue with theme policies was an inconsistency between Puma and RDN (relative distinguished name) config. Appears that for customers, because their RDN was cn= and Puma was expecting uid=, they were unable to authenticate to JCR to retrieve the them policy values. Once a user identified by uid accessed the page, it was loaded successfully and cached for a while (~30 min). Once the cache expired, they were broken again.

Fix was to update the PumaService.properties per the technote below and run the update-properties config task.